When the deal is finalized in January, Carbon Black will become the security unit of VMware, says Carbon Black CEO Patrick Morley.

"VMware has more than 500,000 customers and more than 70 million virtual machines around the world," Morley says. "The opportunity here for Carbon Black to truly disrupt the security industry - and ultimately help more customers stay safe from cyberattacks - has never been bigger."

On Thursday, VMware also announced a deal to acquire Pivotal, a company that focuses on helping its customers build applications in the cloud as well as through new technologies such as containers. The acquisition values Pivotal at about $2.7 billion, according to the announcement.

Carbon Black's Journey

The company that became Carbon Black was founded in 2002 as Bit9. In February 2014, Bit9 merged with the startup firm Carbon Black and adopted its name. The company had its initial public offering in 2018, with a market value of about $1.25 billion at that time. The company's market value on Thursday stood at $1.8 billion.

Carbon Black's stock price ended the day Thursday at $24.50 per share, and VMware plans to pay $26 per share in the deal.

Carbon Black says it currently has about 5,600 enterprise customers.

Impact of Deals

For VMware, which has been focusing more and more on hybrid and multicloud architectures, the two acquisitions create a way for the company to not only deliver the infrastructure its customers need for their digital transformation initiatives, but also new ways to build and update applications and then to secure those apps once they are deployed, CEO Pat Gelsinger says.

"As digital transformation accelerates in enterprises, we see three secular trends becoming stronger: First, multicloud is the new model for enterprise IT; second, digital transformation is driving accelerated pace of cloud native app development," Gelsinger said Thursday during the company's second-quarter earnings call when both acquisitions were announced. "Last, but not least, as businesses move applications to the cloud and access it over distributed networks and from a diversity of endpoints, security has become a significant challenge and priority."

Through its acquisition of Carbon Black, VMware will significantly boost its security portfolio by providing customers tools such as advanced threat detection and in-depth application behavior insight that can prevent sophisticated attacks, especially those that target modern applications, as well as accelerate the response time for when attacks do happen, Gelsinger says.

Security Consolidation

VMware's acquisition of Carbon Black is further evidence that the cybersecurity industry is under a period of consolidation, especially as businesses invest more in security and older, more establish players look for ways to diversify their revenue streams, says Jeff Pollard, a principal analyst focused on IT security at Forrester Research.

"It's not surprising to see consolidation in the cybersecurity market, especially in the endpoint space, which is still quite crowded," Pollard tells Information Security Media Group. "Enterprise software companies are turning to cybersecurity companies for the promising growth rates in the industry, and to build out a more diverse portfolio that appeals to the various stakeholders involved in cybersecurity - IT, security and developers."

Earlier this week, security firm Splunk announced it would pay a little over $1 billion for SignalFx, which provides real-time cloud monitoring capabilities to customers and can help IT and security teams detect anomalies in network traffic.

Gelsinger told analysts Thursday that the security market has become too fragmented with too many offerings. VMware will use Carbon Black's technology to offer customers a way to secure all their endpoints, from physical devices to app living in the cloud, he added.

"As I have said before, the current cybersecurity industry is simply broken and ineffective with a plethora of fragmented tools, bloatware agents and no cohesive platform architecture," Gelsinger said. "But today we are taking a huge step forward in security by bringing Carbon Black into the VMware family to deliver an enterprise grade platform to protect workloads, applications, and networks, from device to cloud."

Future Plans

In his presentation, Gelsinger offered a brief roadmap of how Carbon Black's offerings will eventually fit into some of the products that VMware offers.

(Image: VMware)

For instance, VMware plans to integrate some of Carbon Black's technology into the company's software-defined network offering called VMwareNSX.

"We've also been organically building the NSX security capabilities with our micro-segmentation for several years, and we're going to be embedded Carbon Black technology into that," Gelsinger told analysts.

VMWare also has plans to integrate technologies from both companies into VMware Secure State, a cloud configuration, security and compliance platform that VMware released in August 2018. Other integrations and offerings are also in the works, Gelsinger said.

With its acquisition of Pivotal, VMware plans to delve further into the cloud, including application development and containers. Pivotal recently went all-in on Kubernetes, the container orchestration and management platform backed by Google.

About the Author

Venkat is special correspondent for Information Security Media Group's global news desk. She has previously worked at IDG, Business Standard, Bangalore Mirror and The New Indian Express, where she reported on developments in technology, businesses, startups, fintech, e-commerce, cybersecurity, civic news and education.

Operation Success!

Risk Management Framework: Learn from NIST

From heightened risks to increased regulations, senior leaders at all levels are pressured to
improve their organizations' risk management capabilities. But no one is showing them how -
until now.

Learn the fundamentals of developing a risk management program from the man who wrote the book
on the topic: Ron Ross, computer scientist for the National Institute of Standards and
Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37
- the bible of risk assessment and management - will share his unique insights on how to:

Understand the current cyber threats to all public and private sector organizations;

Develop a multi-tiered risk management approach built upon governance, processes and
information systems;